/portalAPI/ApprovalRequest/*

7 min. readlast update: 02.05.2025

This article will encompass all portalAPI calls that are related to /portalAPI/ApprovalRequest/* endpoints

 

Be sure to input the instance your organization exists on for each call. This is indicated with the "INSTANCE" text in each endpoint. Linked here is a KB to find your instance: 

Locating Your Organization's Instance | ThreatLocker Help Center

 

For more information on use cases and examples of processing Application Control Approval Requests through API, see this KB article:

Processing Application Control Approval Requests through API | ThreatLocker Help Center

 

ApprovalRequestGetFileDownloadDetailsById

https://portalapi.INSTANCE.threatlocker.com/portalapi/ApprovalRequest/ApprovalRequestGetFileDownloadDetailsById

  • Method: GET
  • Description: This API is used to get the file download details for a requested file when clicking on an Application Control Approval Request in the Response Center of the ThreatLocker Portal. This API returns the filename and the fileUrl which can be used to download the file directly. Be sure to get the full filename in the URL when using this API to download the file. If looking to get the file download details from an approval request in a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below.
  • Required Body/Parameters
    • Valid APIKey/Authorization Token in header
    • approvalRequestId: This field determines what file information will be returned based on what was requested in the supplied approval request.
      • Expects: <GUID> in format "00000000-0000-0000-0000-000000000000"
  • Optional Body/Parameters
    • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
  • Permissions Needed for User
    • Approve for Entire Organization
    • Approve for Group
    • Approve for Single Computer
    • Approve for Single Computer Application Only
    • View Approvals

 

ApprovalRequestGetPermitApplicationById

https://portalapi.INSTANCE.threatlocker.com/portalapi/ApprovalRequest/ApprovalRequestGetPermitApplicationById

  • Method: GET
  • Description: This API is used when clicking on an Application Control Approval Request in the Response Center of the ThreatLocker Portal. This API gets all the information related to the request itself, including all the id values and the formatted json field needed to utilize the ApprovalRequestPermitApplication endpoint. If looking to view an approval request from a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below.
    • statusId: This is one of the fields returned by this API and is used to determine the status of the request. Listed below are the Integer values that will be displayed and the corresponding status of each value.
      • Pending = 1
      • Ignored = 10
      • Approved = 4
      • Self-Approved = 16
      • Not Learned = 6
      • Added to Application = 12
      • Escalated from the Cyber Heroes = 13
  • Required Body/Parameters
    • Valid APIKey/Authorization Token in header
    • approvalRequestId: <GUID> in format "00000000-0000-0000-0000-000000000000"
  • Optional Body/Parameters
    • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
  • Permissions Needed for User
    • Approve for Entire Organization
    • Approve for Group
    • Approve for Single Computer
    • Approve for Single Computer Application Only
    • View Approvals

 

ApprovalRequestGetByParameters

https://portalapi.INSTANCE.threatlocker.com/portalapi/ApprovalRequest/ApprovalRequestGetByParameters

  • Method: POST
  • Description: This API is used on the Approval tab in the Response Center page in the ThreatLocker Portal to display all the approval requests in an organization. By default in the Portal, this API will get a list of all the pending requests, including requests from Application Control, Elevation Control, and Storage Control. If looking to view approval requests only for a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below. Various fields are described below that can be changed to search and sort like you can on the Response Center page itself in the Portal.
  • Required Body/Parameters
    • Fields
      • statusId: This field is used to determine the status of the requests you want to view. This field expects one of the following Integer values to be entered.
        • Pending = 1
        • Ignored = 10
        • Approved = 4
        • Self-Approved = 16
        • Not Learned = 6
        • Added to Application = 12
        • Escalated from the Cyber Heroes = 13
      • pageNumber and pageSize: This value determines how many approval requests will be returned as if the response was on the Response Center page. However, this field does not follow the same conventions of the pageNumber and pageSize values as the Portal does (pageSize in the Portal is 25, 50, or 100). Any valid integer can be entered and it will return in the selected formatting. For instance, if there are 5 requests to be returned but “pageNumber” : 1 and “pageSize” : 2, 2 entries will be returned per page and the first two requests will be shown.
        • Expects: An Integer value
    • Required body
{
"statusId": <Integer>,
"pageNumber": <Integer>,
"pageSize": <Integer>
}
  • Optional Body/Parameters
    • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
    • Fields
      • searchText: This field allows you to search through the list of your approval requests by inputting text/details you want to search for. This can be used to search based on a partial or full hostname, a partial or full username, or a partial or full file path. Anything that can be searched using the search bar on the Approval tab of the Response Center page can be entered into this field and returned.
        • Expects: Any text input
      • showChildOrganizations: This field will determine whether the requests from all child organizations will be returned or not. When set to true, all requests from all child organizations, including grandchild organizations, will be returned. When set to false, just the requests from the currently managed organization will be returned, typically this will be the parent organization.
        • Expects: true or false
      • orderBy: This field will order the requests that are shown based on the isAscending field (defaults to true) and the text entered below. This field expects the text from one of the below options to be entered exactly as they appear. From the options below, the username corresponds to the Hostname/Username column in the ThreatLocker Portal and the actiondate corresponds to the Last Updated column in the ThreatLocker Portal.
        • username
        • devicetype
        • actiontype
        • path
        • actiondate
        • datetime
      • isAscending: This field determines the order the requests are returned/shown. When isAscending is true, the requests will be returned in decreasing order, from high to low, based on the orderBy field utilized. When isAscending is false, the requests will be returned in increasing order, from low to high, based on the orderBy field utilized.
        • Expects: true or false
    • Optional body
{
"statusId": <Integer>,
"searchText": "<String>",
"showChildOrganizations": <Boolean>,
"orderBy": "<String>",
"isAscending": <Boolean>,
"pageSize": <Integer>,
"pageNumber": <Integer>
}
  • Permissions Needed for User
    • Approve for Entire Organization
    • Approve for Group
    • Approve for Single Computer
    • Approve for Single Computer Application Only
    • View Approvals
    • Elevation Administrator (User)
Was this article helpful?